Specialist IT Auditor – IT security (Sasolburg)
Remuneration: | Market related |
Location: | Sasolburg |
Type: | Permanent |
Company: | Sasol |
Job purpose:
- The incumbent will report to the head of IT audit, and in accordance with the Sasol Assurance Services (SAS) Charter as approved by the Sasol Limited Audit Committee, his/her tasks will be to:
-
- Direct and execute the IT project and governance audits of the Sasol Group.
- Ensure that the quality of audits executed are in alignment with the Sasol Assurance Services Operating Manual (SASOM).
- Manage the allocation of audit resources on assignments and projects.
- Manage the execution of IT audits and act in the role of a subject matter expert for audits managed and executed.
- Manage the execution of audits to be within budgeted planned hours.
- Ensure timely reporting of assigned audit tasks and follow established reporting protocols.
- Integrate with other departments with regard to knowledge sharing on audit tasks being managed and executed.
- Act as liaison with clients.
Functional outputs:
1. Audit task planning:
- Review/compiling of the planning memorandum to ensure focus on high risks.
- Review/compiling of the audit program to ensure audit objectives are met.
2. Audit execution/reporting:
- Review/ prepare audit evidence supporting the reported findings in the audit report.
- Manage the execution of the audits and execute own audits to ensure factual and timely reports with the flexibility to adapt to change.
- Plan/execute overseas audits when required.
3. Internal audit reporting:
- Periodically compile status reports to all relevant stakeholders for the area of specialisation and Vice President: Projects and Combined Assurance and/or Chief Assurance Officer (CAO), as appropriate and in accordance with the Reporting Protocol.
- Prepare report on quarterly basis for the Group Executive Committee (GEC) and the Sasol Limited Audit Committee on significant governance issues identified and progress against annual audit plan for area of specialisation.
- Factual, comprehensive and timely reporting to Operating Model Entities’ and Functions’ management, Governance Committees, Boards and relevant stakeholders.
4. Quality control:
- Review all audit reports prior to submission to head of IT Audit and ensure that all reporting protocols are observed.
- Conduct review of audit working papers.
- Assist in conducting quarterly peer reviews of audit working papers.
- Complete task assessments of all team members of audit tasks managed and take appropriate corrective actions to ensure corrective measures for quality concerns identified.
5. Specialist advice:
- On request review policy and procedures.
- Attend and provide specialist advice on request at project steering committee meetings or client meetings.
- Ad hoc requests for specialist advice.
6. Special ad hoc requests:
- Conduct specific ad hoc audit requests as and when required.
- Communicate and assess the relevance of requests from business management to line manager and allocate resources as necessary.
- Execute special requests by the Audit Committee as and when required.
7. Audit planning and management:
- Assist in developing an annual audit plan for area of responsibility – IT projects and governance.
- Develop/execute a functional work plan and schedule in order to execute and to complete the IT audit plan based on priorities and risks with flexibility.
- Weekly feedback to Head of IT Audit on resource requirements, audit status and budget control of audits allocated and managed by self to enable effective scheduling of annual audit plan.
- Perform allocated audit, management and/or administrative tasks as and when allocated by the head of IT Audit.
8. Sasol Assurance Services Management:
- Maintain and update standard audit programs.
- Support the developed tactical plans to support the implementation of the Sasol Assurance Services and IT Audit strategy.
- Act as a change manager and assist in driving the implementation of innovative improvements and tactical changes to Projects & Combined Assurance processes and systems effectively and efficiently.
- Stay abreast of new developments in the assurance and IT project and governance environments and make recommendations on necessary changes.
- Lead team and be a role model for Sasol values.
- Manage delivery to ensure requirements of the Sasol Limited Audit Committee in terms of our performance measures are met.
- Manage team effectiveness.
- Communicate requirements and assist in implementing skills improvement and team development through training and exposure.
- Proactively engage and share knowledge with other teams in order to drive integration between all departments within Assurance Services.
9. Values and Ethics:
- Being a role model in living the Sasol shared values and complying to the Code of Ethics and Guide to Code of Ethics.
Relationships, teamwork and Collaboration: Internal and/or external stakeholder management
Stakeholder engagement:
- Attend, monitor, evaluate and contribute to discussions at relevant committees, forums, projects and steering committees where assurance about the area of specialisation is being discussed.
- Identify and communicate any significant risks not yet identified through the risk management process.
- Issue and discuss all audit findings with senior management (internal and external).
- Shares knowledge, networks and collaborates with assurance services colleagues on internal audit findings.
- Contribute to advice provided on Corporate Governance frameworks.
- Discuss and obtain input on annual audit plan.
- Build constructive working relationships with manager, peers, clients and other service providers.
- Communicate and behave professionally so that actions result in high level of credibility, trust and respect.
Job requirements
Minimum qualifications:
- University B-Degree with information security, information management and auditing related subjects as majors.
- Seven+ years of relevant experience (of which at least two years should be supervisory experience), including auditing experience/articles (relevant experience at an audit firm).
- Certified Information Systems Security Professional (CISSP) or similar qualification.
Alternative qualifications and experience to be considered that will be an advantage:
- University B-Degree with honours with information technology/information management and auditing related subjects as majors, or
- Seven+ years’ relevant experience (of which at least two years should be supervisory experience), including articles.
- Certified Ethical Hacking (CEH).
Minimum experience
Subject matter expertise focusing on:
- Internal auditing
- IT/IM related auditing using Cobit as the basis (IT governance, information security, general IT controls, applications controls and emerging technologies audits)
- Information security audits
- IT project life-cycle framework (Waterfall and Agile)
- IT consulting
- Emerging technologies
- Data analytics and computer-assisted auditing techniques.
Additional qualifications/certifications that will be an advantage:
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Information Systems Security Architecture Professional (ISSAP)
- Qualifications relating to emerging technologies.
Closing date: 24 March 2020
Applications should be emailed to:
moc.losas@isinM.elizmuhP
Note: Failure to provide Sasol with truthful information and valid documents will render your application null and void. If you don’t hear from us within a month (30 days) after the closing date of the advert, please regard your application as unsuccessful.
Follow us on: YouTube, LinkedIn, Twitter, Instagram, http://www.sasol.com
Posted on 18 Mar 12:05
Phumzile Mnisi
Create your CV once, and thereafter you can apply to this ad and future job ads easily.